Date: Sun, 16 Sep 2012 08:59:10 -0700 (PDT) From: milki <milki@rescomp.berkeley.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/171686: [NEW PORT] sysutils/password-store: Stores, retrieves, generates, and synchronizes passwords securely Message-ID: <201209161559.q8GFxA7E080665@cibo.ircmylife.com> Resent-Message-ID: <201209161600.q8GG0ONQ014691@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 171686 >Category: ports >Synopsis: [NEW PORT] sysutils/password-store: Stores, retrieves, generates, and synchronizes passwords securely >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Sep 16 16:00:24 UTC 2012 >Closed-Date: >Last-Modified: >Originator: milki >Release: FreeBSD 8.3-RELEASE-p3 amd64 >Organization: cibo >Environment: System: FreeBSD cibo.ircmylife.com 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Tue Jun 12 00:39:29 UTC 2012 >Description: Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted iles may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities. pass makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short an simple shell script. It's capable of temporarily putting passwords on your clipboard and tracking password changes using git. You can edit the password store using ordinary unix shell commands alongside the pass command. There are no funky file formats or new paradigms to learn. There is bash completion so that you can simply hit tab to fill in names. WWW: http://zx2c4.com/projects/password-store/ Note to committer: If possible, could you host the distfile as well? upstream doesn't have any mirrors. Generated with FreeBSD Port Tools 0.99_6 (mode: new) >How-To-Repeat: >Fix: --- .shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # password-store # password-store/Makefile # password-store/distinfo # password-store/files # password-store/files/linuxism.patch # password-store/files/linuxism+git.patch # password-store/files/linuxism+git+xclip.patch # password-store/files/linuxism+xclip.patch # password-store/pkg-descr # echo c - password-store mkdir -p password-store > /dev/null 2>&1 echo x - password-store/Makefile sed 's/^X//' >password-store/Makefile << 'db60f402f0646a5214f90b8279725368' X# $FreeBSD$ X XPORTNAME= password-store XPORTVERSION= 1.3.1 XCATEGORIES= sysutils XMASTER_SITES= http://git.zx2c4.com/password-store/snapshot/ XEXTRACT_SUFX= .tar.xz X XMAINTAINER= milki@rescomp.berkeley.edu XCOMMENT= Stores, retrieves, generates, and synchronizes passwords securely X XLICENSE= GPLv2 X XRUN_DEPENDS= gnupg>=2:${PORTSDIR}/security/gnupg \ X pwgen>=0:${PORTSDIR}/sysutils/pwgen \ X tree>=0:${PORTSDIR}/sysutils/tree X XOPTIONS_DEFINE= GIT XCLIP X XGIT_DESC= Enable git backend XXCLIP_DESC= Enable xclip feature X X.include <bsd.port.options.mk> X X.if ${PORT_OPTIONS:MGIT} XRUN_DEPENDS+= git>=0:${PORTSDIR}/devel/git X.endif X X.if ${PORT_OPTIONS:MXCLIP} XRUN_DEPENDS+= base64>=0:${PORTSDIR}/converters/base64 \ X xclip>=0:${PORTSDIR}/x11/xclip X.endif X Xdo-patch: X.if empty(PORT_OPTIONS:MGIT) && empty(PORT_OPTIONS:MXCLIP) X (cd ${WRKSRC} && ${PATCH} < ${PATCHDIR}/linuxism+git+xclip.patch) X.elif empty(PORT_OPTIONS:MGIT) X (cd ${WRKSRC} && ${PATCH} < ${PATCHDIR}/linuxism+git.patch) X.elif empty(PORT_OPTIONS:MXCLIP) X (cd ${WRKSRC} && ${PATCH} < ${PATCHDIR}/linuxism+xclip.patch) X.else X (cd ${WRKSRC} && ${PATCH} < ${PATCHDIR}/linuxism.patch) X.endif X X# empty to skip make Xdo-build: X Xdo-install: X ${INSTALL_SCRIPT} ${WRKSRC}/src/password-store.sh ${PREFIX}/libexec/pass X @${LN} -s ${PREFIX}/libexec/pass ${PREFIX}/bin/pass X X @${MKDIR} ${DATADIR} X ${INSTALL_DATA} ${WRKSRC}/contrib/pass.bash-completion ${DATADIR}/ X ${INSTALL_DATA} ${WRKSRC}/contrib/pass.zsh-completion ${DATADIR}/ X ${INSTALL_DATA} ${WRKSRC}/man/pass.1 ${MANPREFIX}/man/man1/pass.1 X XMAN1= pass.1 XMANCOMPRESSED= no X XPLIST_FILES= bin/pass \ X libexec/pass \ X share/password-store/pass.bash-completion \ X share/password-store/pass.zsh-completion XPLIST_DIRS= share/password-store X X.include <bsd.port.mk> db60f402f0646a5214f90b8279725368 echo x - password-store/distinfo sed 's/^X//' >password-store/distinfo << '7a25461386247d7271861bedbe1caa3e' XSHA256 (password-store-1.3.1.tar.xz) = 351c0e2eb3315ca317026e73f7654a6351f2674000d9476b18c1525cbc5d732d XSIZE (password-store-1.3.1.tar.xz) = 14864 7a25461386247d7271861bedbe1caa3e echo c - password-store/files mkdir -p password-store/files > /dev/null 2>&1 echo x - password-store/files/linuxism.patch sed 's/^X//' >password-store/files/linuxism.patch << 'aeeca6e5ef8cca5a7e1f95886bdb0489' Xdiff --git a/src/password-store.sh b/src/password-store.sh Xindex 1553e5b..78c45b8 100755 X--- src/password-store.sh X+++ src/password-store.sh X@@ -1,4 +1,4 @@ X-#!/bin/bash X+#!/usr/local/bin/bash X X # (C) Copyright 2012 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. X # This is released under the GPLv2+. Please see COPYING for more information. X@@ -7,10 +7,15 @@ umask 077 X X PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X ID="$PREFIX/.gpg-id" X-GIT="$PREFIX/.git" X+GITDIR="$PREFIX/.git" X GPG_OPTS="--quiet --yes --batch" X+GETOPT=/usr/local/bin/getopt X+GPG=gpg2 X+GIT=git X+XCLIP=xclip X+BASE64=base64 X X-export GIT_DIR="$GIT" X+export GIT_DIR="$GITDIR" X export GIT_WORK_TREE="$PREFIX" X X version() { X@@ -72,12 +77,12 @@ clip() { X # in shell. There must be a better way to deal with this, but because I'm a dolt, X # we're going with this for now. X X- before="$(xclip -o -selection clipboard | base64)" X- echo -n "$1" | xclip -selection clipboard X+ before="$($XCLIP -o -selection clipboard | $BASE64)" X+ echo -n "$1" | $XCLIP -selection clipboard X ( X sleep 45 X- now="$(xclip -o -selection clipboard | base64)" X- if [[ $now != $(echo -n "$1" | base64) ]]; then X+ now="$($XCLIP -o -selection clipboard | $BASE64)" X+ if [[ $now != $(echo -n "$1" | $BASE64) ]]; then X before="$now" X fi X # It might be nice to programatically check to see if klipper exists, X@@ -85,7 +90,7 @@ clip() { X # this works fine. Clipboard managers frequently write their history X # out in plaintext, so we axe it here. X qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory >/dev/null 2>&1 X- echo "$before" | base64 -d | xclip -selection clipboard X+ echo "$before" | $BASE64 -d | $XCLIP -selection clipboard X ) & disown X echo "Copied $2 to clipboard. Will clear in 45 seconds." X } X@@ -134,7 +139,7 @@ case "$command" in X show|ls|list) X clip=0 X X- opts="$(getopt -o c -l clip -n $program -- "$@")" X+ opts="$($GETOPT -o c -l clip -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -162,9 +167,9 @@ case "$command" in X exit 1 X fi X if [ $clip -eq 0 ]; then X- exec gpg -q -d --yes --batch "$passfile" X+ exec $GPG -q -d --yes --batch "$passfile" X else X- clip "$(gpg -q -d --yes --batch "$passfile" | head -n 1)" "$path" X+ clip "$($GPG -q -d --yes --batch "$passfile" | head -n 1)" "$path" X fi X fi X ;; X@@ -173,7 +178,7 @@ case "$command" in X noecho=0 X force=0 X X- opts="$(getopt -o mnf -l multiline,no-echo,force -n $program -- "$@")" X+ opts="$($GETOPT -o mnf -l multiline,no-echo,force -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -201,7 +206,7 @@ case "$command" in X if [[ $ml -eq 1 ]]; then X echo "Enter contents of $path and press Ctrl+D when finished:" X echo X- cat | gpg -e -r "$ID" -o "$passfile" $GPG_OPTS X+ cat | $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS X elif [[ $noecho -eq 1 ]]; then X while true; do X read -p "Enter password for $path: " -s password X@@ -209,7 +214,7 @@ case "$command" in X read -p "Retype password for $path: " -s password_again X echo X if [[ $password == $password_again ]]; then X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X break X else X echo "Error: the entered passwords do not match." X@@ -217,11 +222,11 @@ case "$command" in X done X else X read -p "Enter password for $path: " -e password X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X fi X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added given password for $path to store." X+ if [[ -d $GITDIR ]]; then X+ $GIT add "$passfile" X+ $GIT commit -m "Added given password for $path to store." X fi X ;; X edit) X@@ -252,25 +257,25 @@ case "$command" in X X action="Added" X if [[ -f $passfile ]]; then X- gpg -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X+ $GPG -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X action="Edited" X fi X ${EDITOR:-vi} "$tmp_file" X- while ! gpg -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X+ while ! $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X echo "GPG encryption failed. Retrying." X sleep 1 X done X X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "$action password for $path using ${EDITOR:-vi}." X+ if [[ -d $GITDIR ]]; then X+ $GIT add "$passfile" X+ $GIT commit -m "$action password for $path using ${EDITOR:-vi}." X fi X ;; X generate) X clip=0 X symbols="-y" X X- opts="$(getopt -o nc -l no-symbols,clip -n $program -- "$@")" X+ opts="$($GETOPT -o nc -l no-symbols,clip -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -292,10 +297,10 @@ case "$command" in X mkdir -p -v "$PREFIX/$(dirname "$path")" X pass="$(pwgen -s $symbols $length 1)" X passfile="$PREFIX/$path.gpg" X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added generated password for $path to store." X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X+ if [[ -d $GITDIR ]]; then X+ $GIT add "$passfile" X+ $GIT commit -m "Added generated password for $path to store." X fi X X if [ $clip -eq 0 ]; then X@@ -317,22 +322,45 @@ case "$command" in X exit 1 X fi X rm -i -v "$passfile" X- if [[ -d $GIT ]] && ! [[ -f $passfile ]]; then X- git rm -f "$passfile" X- git commit -m "Removed $path from store." X+ if [[ -d $GITDIR ]] && ! [[ -f $passfile ]]; then X+ $GIT rm -f "$passfile" X+ $GIT commit -m "Removed $path from store." X fi X ;; X push|pull) X- if [[ -d $GIT ]]; then X- exec git $command "$@" X+ if [[ -d $GITDIR ]]; then X+ exec $GIT $command "$@" X else X echo "Error: the password store is not a git repository." X exit 1 X fi X ;; X git) X- if [[ $1 == "init" ]] || [[ -d $GIT ]]; then X- exec git "$@" X+ if [[ $1 == "init" ]]; then X+ username=$2 X+ useremail=$3 X+ X+ $GIT init X+ X+ if [ -z "$username" ]; then X+ current=$($GIT config user.name) X+ prompt="Set your git user.name: " X+ read -e -i "$current" -p "$prompt" username X+ username="${username:-$username}" X+ fi X+ if [ -z "$useremail" ]; then X+ current=$($GIT config user.email) X+ prompt="Set your git user.email: " X+ read -e -i "$current" -p "$prompt" useremail X+ useremail="${useremail:-$useremail}" X+ fi X+ $GIT config user.name "$username" X+ $GIT config user.email "$useremail" X+ echo .gpg-id > $PREFIX/.gitignore X+ $GIT add . X+ $GIT commit -m "Adding existing passwords to the store." X+ elif [[ -d $GITDIR ]]; then X+ exec $GIT "$@" X else X echo "Error: the password store is not a git repository." X exit 1 aeeca6e5ef8cca5a7e1f95886bdb0489 echo x - password-store/files/linuxism+git.patch sed 's/^X//' >password-store/files/linuxism+git.patch << '6674ec6e42ea1bce94521f3999a7877b' Xdiff --git a/README b/README Xindex 52e23af..273aa27 100644 X--- README X+++ README X@@ -14,7 +14,6 @@ Please see the man page for documentation and examples. X X Depends on: X - gpg2 X-- git X - xclip X - pwgen X - tree Xdiff --git a/contrib/pass.zsh-completion b/contrib/pass.zsh-completion Xindex 5cf8808..cab22e0 100644 X--- contrib/pass.zsh-completion X+++ contrib/pass.zsh-completion X@@ -27,9 +27,6 @@ _pass () { X "generate[Generate a new password using pwgen]" \ X "edit[Edit a password with \$EDITOR]" \ X "rm[Remove the password]" \ X- "push[push the latest changes using git-push(1)]" \ X- "pull[pull the latest changes using git-pull(1)]" \ X- "git[Call git]" \ X "help[Help]" X _pass_cmd_show X fi X@@ -75,6 +72,6 @@ _pass_cmd_rm () { X } X X _get_stored_pwd () { X- compadd `find ~/.password-store \( -name .git -o -name .gpg-id \) -prune -o -type f -print | sed 's#.*\.password-store*.##'| sed 's#\.gpg##' | sort` X+ compadd `find ~/.password-store \( -name .gpg-id \) -prune -o -type f -print | sed 's#.*\.password-store*.##'| sed 's#\.gpg##' | sort` X X } Xdiff --git a/man/pass.1 b/man/pass.1 Xindex a124c32..c2ff884 100644 X--- man/pass.1 X+++ man/pass.1 X@@ -34,13 +34,6 @@ or X depending on the type of specifier in ARGS. Otherwise COMMAND must be one of X the valid commands listed below. X X-Several of the commands below rely on or provide additional functionality if X-the password store directory is also a git repository. If the password store X-directory is a git repository, all password store modification commands will X-cause a corresponding git commit. See the \fIEXAMPLES\fP section for an X-extended description using \fBinit\fP and X-.BR git (1). X- X The \fBinit\fP command must be run before other commands in order to initialize X the password store with the correct gpg key id. X X@@ -102,19 +95,6 @@ and then restore the clipboard after 45 seconds. X Remove the password named \fIpass-name\fP from the password store. This command is X alternatively named \fBremove\fP. X .TP X-\fBpush\fP X-If the password store is a git repository, push the latest changes using X-.BR git-push (1). X-.TP X-\fBpull\fP X-If the password store is a git repository, pull the latest changes using X-.BR git-pull (1). X-.TP X-\fBgit\fP \fIgit-command-args\fP... X-If the password store is a git repository, pass \fIgit-command-args\fP as arguments to X-.BR git (1) X-using the password store as the git repository. X-.TP X \fBhelp\fP X Show usage message. X .TP X@@ -220,10 +200,8 @@ rm: remove regular file \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz X .br X removed \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019] X X-.SH EXTENDED GIT EXAMPLE X-Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. Make note of the arguments to the first call of \fBpass push\fP; consult X-.BR git-push (1) X-for more information. X+.SH EXTENDED EXAMPLE X+Here, we initialize new password store, and then manipulate and sync passwords. X X .B zx2c4@laptop ~ $ pass init Jason@zx2c4.com X .br X@@ -231,12 +209,6 @@ mkdir: created directory \[u2018]/home/zx2c4/.password-store\[u2019] X .br X Password store initialized for Jason@zx2c4.com. X X-.B zx2c4@laptop ~ $ pass git init X-.br X-Initialized empty Git repository in /home/zx2c4/.password-store/.git/ X- X-.B zx2c4@laptop ~ $ pass git remote add origin kexec.com:pass-store X- X .B zx2c4@laptop ~ $ pass generate Amazon/amazonemail@email.com 21 X .br X mkdir: created directory \[u2018]/home/zx2c4/.password-store/Amazon\[u2019] X@@ -251,24 +223,6 @@ The generated password to Amazon/amazonemail@email.com is: X .br X <5m,_BrZY`antNDxKN<0A X X-.B zx2c4@laptop ~ $ pass push -u --all X-.br X-Counting objects: 4, done. X-.br X-Delta compression using up to 2 threads. X-.br X-Compressing objects: 100% (3/3), done. X-.br X-Writing objects: 100% (4/4), 921 bytes, done. X-.br X-Total 4 (delta 0), reused 0 (delta 0) X-.br X-To kexec.com:pass-store X-.br X-* [new branch] master -> master X-.br X-Branch master set up to track remote branch master from origin. X- X .B zx2c4@laptop ~ $ pass insert Amazon/otheraccount@email.com X .br X Enter password for Amazon/otheraccount@email.com: som3r3a11yb1gp4ssw0rd!!88** X@@ -293,20 +247,6 @@ rm 'Amazon/amazonemail@email.com.gpg' X .br X delete mode 100644 Amazon/amazonemail@email.com.gpg X X-.B zx2c4@laptop ~ $ pass push X-.br X-Counting objects: 9, done. X-.br X-Delta compression using up to 2 threads. X-.br X-Compressing objects: 100% (5/5), done. X-.br X-Writing objects: 100% (7/7), 1.25 KiB, done. X-.br X-Total 7 (delta 0), reused 0 (delta 0) X-.br X-To kexec.com:pass-store X- X .SH FILES X X .TP X@@ -320,7 +260,6 @@ be set using the \fBinit\fP command. X .SH SEE ALSO X .BR gpg (1), X .BR pwgen (1), X-.BR git (1), X .BR xclip (1). X X .SH AUTHOR Xdiff --git a/src/password-store.sh b/src/password-store.sh Xindex 1553e5b..6844dc4 100755 X--- src/password-store.sh X+++ src/password-store.sh X@@ -1,4 +1,4 @@ X-#!/bin/bash X+#!/usr/local/bin/bash X X # (C) Copyright 2012 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. X # This is released under the GPLv2+. Please see COPYING for more information. X@@ -7,11 +7,11 @@ umask 077 X X PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X ID="$PREFIX/.gpg-id" X-GIT="$PREFIX/.git" X GPG_OPTS="--quiet --yes --batch" X- X-export GIT_DIR="$GIT" X-export GIT_WORK_TREE="$PREFIX" X+GETOPT=/usr/local/bin/getopt X+GPG=gpg2 X+XCLIP=xclip X+BASE64=base64 X X version() { X cat <<_EOF X@@ -48,13 +48,6 @@ Usage: X Optionally put it on the clipboard and clear board after 45 seconds. X $program rm pass-name X Remove existing password. X- $program push X- If the password store is a git repository, push the latest changes. X- $program pull X- If the password store is a git repository, pull the latest changes. X- $program git git-command-args... X- If the password store is a git repository, execute a git command X- specified by git-command-args. X $program help X Show this text. X $program version X@@ -63,7 +56,7 @@ _EOF X } X isCommand() { X case "$1" in X- init|ls|list|show|insert|edit|generate|remove|rm|delete|push|pull|git|help|--help|version|--version) return 0 ;; X+ init|ls|list|show|insert|edit|generate|remove|rm|delete|help|--help|version|--version) return 0 ;; X *) return 1 ;; X esac X } X@@ -72,12 +65,12 @@ clip() { X # in shell. There must be a better way to deal with this, but because I'm a dolt, X # we're going with this for now. X X- before="$(xclip -o -selection clipboard | base64)" X- echo -n "$1" | xclip -selection clipboard X+ before="$($XCLIP -o -selection clipboard | $BASE64)" X+ echo -n "$1" | $XCLIP -selection clipboard X ( X sleep 45 X- now="$(xclip -o -selection clipboard | base64)" X- if [[ $now != $(echo -n "$1" | base64) ]]; then X+ now="$($XCLIP -o -selection clipboard | $BASE64)" X+ if [[ $now != $(echo -n "$1" | $BASE64) ]]; then X before="$now" X fi X # It might be nice to programatically check to see if klipper exists, X@@ -85,7 +78,7 @@ clip() { X # this works fine. Clipboard managers frequently write their history X # out in plaintext, so we axe it here. X qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory >/dev/null 2>&1 X- echo "$before" | base64 -d | xclip -selection clipboard X+ echo "$before" | $BASE64 -d | $XCLIP -selection clipboard X ) & disown X echo "Copied $2 to clipboard. Will clear in 45 seconds." X } X@@ -134,7 +127,7 @@ case "$command" in X show|ls|list) X clip=0 X X- opts="$(getopt -o c -l clip -n $program -- "$@")" X+ opts="$($GETOPT -o c -l clip -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -162,9 +155,9 @@ case "$command" in X exit 1 X fi X if [ $clip -eq 0 ]; then X- exec gpg -q -d --yes --batch "$passfile" X+ exec $GPG -q -d --yes --batch "$passfile" X else X- clip "$(gpg -q -d --yes --batch "$passfile" | head -n 1)" "$path" X+ clip "$($GPG -q -d --yes --batch "$passfile" | head -n 1)" "$path" X fi X fi X ;; X@@ -173,7 +166,7 @@ case "$command" in X noecho=0 X force=0 X X- opts="$(getopt -o mnf -l multiline,no-echo,force -n $program -- "$@")" X+ opts="$($GETOPT -o mnf -l multiline,no-echo,force -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -201,7 +194,7 @@ case "$command" in X if [[ $ml -eq 1 ]]; then X echo "Enter contents of $path and press Ctrl+D when finished:" X echo X- cat | gpg -e -r "$ID" -o "$passfile" $GPG_OPTS X+ cat | $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS X elif [[ $noecho -eq 1 ]]; then X while true; do X read -p "Enter password for $path: " -s password X@@ -209,7 +202,7 @@ case "$command" in X read -p "Retype password for $path: " -s password_again X echo X if [[ $password == $password_again ]]; then X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X break X else X echo "Error: the entered passwords do not match." X@@ -217,11 +210,7 @@ case "$command" in X done X else X read -p "Enter password for $path: " -e password X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X- fi X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added given password for $path to store." X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X fi X ;; X edit) X@@ -252,25 +241,20 @@ case "$command" in X X action="Added" X if [[ -f $passfile ]]; then X- gpg -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X+ $GPG -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X action="Edited" X fi X ${EDITOR:-vi} "$tmp_file" X- while ! gpg -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X+ while ! $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X echo "GPG encryption failed. Retrying." X sleep 1 X done X- X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "$action password for $path using ${EDITOR:-vi}." X- fi X ;; X generate) X clip=0 X symbols="-y" X X- opts="$(getopt -o nc -l no-symbols,clip -n $program -- "$@")" X+ opts="$($GETOPT -o nc -l no-symbols,clip -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -292,12 +276,7 @@ case "$command" in X mkdir -p -v "$PREFIX/$(dirname "$path")" X pass="$(pwgen -s $symbols $length 1)" X passfile="$PREFIX/$path.gpg" X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added generated password for $path to store." X- fi X- X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X if [ $clip -eq 0 ]; then X echo "The generated password to $path is:" X echo "$pass" X@@ -317,26 +296,6 @@ case "$command" in X exit 1 X fi X rm -i -v "$passfile" X- if [[ -d $GIT ]] && ! [[ -f $passfile ]]; then X- git rm -f "$passfile" X- git commit -m "Removed $path from store." X- fi X- ;; X- push|pull) X- if [[ -d $GIT ]]; then X- exec git $command "$@" X- else X- echo "Error: the password store is not a git repository." X- exit 1 X- fi X- ;; X- git) X- if [[ $1 == "init" ]] || [[ -d $GIT ]]; then X- exec git "$@" X- else X- echo "Error: the password store is not a git repository." X- exit 1 X- fi X ;; X *) X usage 6674ec6e42ea1bce94521f3999a7877b echo x - password-store/files/linuxism+git+xclip.patch sed 's/^X//' >password-store/files/linuxism+git+xclip.patch << '9880f80c54376ea46d9cdf48fbab4e1d' Xdiff --git a/README b/README Xindex 52e23af..f24107f 100644 X--- README X+++ README X@@ -14,8 +14,6 @@ Please see the man page for documentation and examples. X X Depends on: X - gpg2 X-- git X-- xclip X - pwgen X - tree X - GNU getopt Xdiff --git a/contrib/pass.zsh-completion b/contrib/pass.zsh-completion Xindex 5cf8808..f589b5e 100644 X--- contrib/pass.zsh-completion X+++ contrib/pass.zsh-completion X@@ -27,9 +27,6 @@ _pass () { X "generate[Generate a new password using pwgen]" \ X "edit[Edit a password with \$EDITOR]" \ X "rm[Remove the password]" \ X- "push[push the latest changes using git-push(1)]" \ X- "pull[pull the latest changes using git-pull(1)]" \ X- "git[Call git]" \ X "help[Help]" X _pass_cmd_show X fi X@@ -45,7 +42,6 @@ _pass_cmd_ls () { X X _pass_cmd_show () { X _arguments : \ X- "-c[put it on the clipboard]" \ X '*::show:_get_stored_pwd' X #'::pass id:_files -W ~/.password-store -g "*.gpg(|.*)(-.)"' X } X@@ -65,7 +61,6 @@ _pass_cmd_insert () { X _pass_cmd_generate () { X _arguments : \ X "-n[no symbols]" \ X- "-c[put password on the clipboard]" \ X '::show:_get_stored_pwd' X } X X@@ -75,6 +70,6 @@ _pass_cmd_rm () { X } X X _get_stored_pwd () { X- compadd `find ~/.password-store \( -name .git -o -name .gpg-id \) -prune -o -type f -print | sed 's#.*\.password-store*.##'| sed 's#\.gpg##' | sort` X+ compadd `find ~/.password-store \( -name .gpg-id \) -prune -o -type f -print | sed 's#.*\.password-store*.##'| sed 's#\.gpg##' | sort` X X } Xdiff --git a/man/pass.1 b/man/pass.1 Xindex a124c32..8eeb49b 100644 X--- man/pass.1 X+++ man/pass.1 X@@ -34,13 +34,6 @@ or X depending on the type of specifier in ARGS. Otherwise COMMAND must be one of X the valid commands listed below. X X-Several of the commands below rely on or provide additional functionality if X-the password store directory is also a git repository. If the password store X-directory is a git repository, all password store modification commands will X-cause a corresponding git commit. See the \fIEXAMPLES\fP section for an X-extended description using \fBinit\fP and X-.BR git (1). X- X The \fBinit\fP command must be run before other commands in order to initialize X the password store with the correct gpg key id. X X@@ -64,12 +57,8 @@ by using the X .BR tree (1) X program. This command is alternatively named \fBlist\fP. X .TP X-\fBshow\fP [ \fI--clip\fP, \fI-c\fP ] \fIpass-name\fP X-Decrypt and print a password named \fIpass-name\fP. If \fI--clip\fP or \fI-c\fP X-is specified, do not print the password but instead copy the first line to the X-clipboard using X-.BR xclip (1) X-and then restore the clipboard after 45 seconds. X+\fBshow\fP \fIpass-name\fP X+Decrypt and print a password named \fIpass-name\fP. X .TP X \fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ]\fIpass-name\fP X Insert a new password into the password store called \fIpass-name\fP. This will X@@ -88,33 +77,16 @@ ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writ X difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to X the ordinary \fBTMPDIR\fP location, and print a warning. X .TP X-\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP X+\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] \fIpass-name pass-length\fP X Generate a new password using X .BR pwgen (1) X of length \fIpass-length\fP and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP X is specified, do not use any non-alphanumeric characters in the generated password. X-If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy X-it to the clipboard using X-.BR xclip (1) X-and then restore the clipboard after 45 seconds. X .TP X \fBrm\fP \fIpass-name\fP X Remove the password named \fIpass-name\fP from the password store. This command is X alternatively named \fBremove\fP. X .TP X-\fBpush\fP X-If the password store is a git repository, push the latest changes using X-.BR git-push (1). X-.TP X-\fBpull\fP X-If the password store is a git repository, pull the latest changes using X-.BR git-pull (1). X-.TP X-\fBgit\fP \fIgit-command-args\fP... X-If the password store is a git repository, pass \fIgit-command-args\fP as arguments to X-.BR git (1) X-using the password store as the git repository. X-.TP X \fBhelp\fP X Show usage message. X .TP X@@ -165,11 +137,6 @@ Show existing password X .br X sup3rh4x3rizmynam3 X .TP X-Copy existing password to clipboard X-.B zx2c4@laptop ~ $ pass -c Email/zx2c4.com X-.br X-Copied Email/jason@zx2c4.com to clipboard. Will clear in 45 seconds. X-.TP X Add password to store X .B zx2c4@laptop ~ $ pass insert Business/cheese-whiz-factory X .br X@@ -208,11 +175,6 @@ The generated password to Email/jasondonenfeld.com is: X .br X YqFsMkBeO6di X .TP X-Generate new password and copy it to the clipboard X-.B zx2c4@laptop ~ $ pass -c generate Email/jasondonenfeld.com 19 X-.br X-Copied Email/jasondonenfeld.com to clipboard. Will clear in 45 seconds. X-.TP X Remove password from store X .B zx2c4@laptop ~ $ pass remove Business/cheese-whiz-factory X .br X@@ -220,10 +182,8 @@ rm: remove regular file \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz X .br X removed \[u2018]/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg\[u2019] X X-.SH EXTENDED GIT EXAMPLE X-Here, we initialize new password store, create a git repository, and then manipulate and sync passwords. Make note of the arguments to the first call of \fBpass push\fP; consult X-.BR git-push (1) X-for more information. X+.SH EXTENDED EXAMPLE X+Here, we initialize new password store, and then manipulate and sync passwords. X X .B zx2c4@laptop ~ $ pass init Jason@zx2c4.com X .br X@@ -231,12 +191,6 @@ mkdir: created directory \[u2018]/home/zx2c4/.password-store\[u2019] X .br X Password store initialized for Jason@zx2c4.com. X X-.B zx2c4@laptop ~ $ pass git init X-.br X-Initialized empty Git repository in /home/zx2c4/.password-store/.git/ X- X-.B zx2c4@laptop ~ $ pass git remote add origin kexec.com:pass-store X- X .B zx2c4@laptop ~ $ pass generate Amazon/amazonemail@email.com 21 X .br X mkdir: created directory \[u2018]/home/zx2c4/.password-store/Amazon\[u2019] X@@ -251,24 +205,6 @@ The generated password to Amazon/amazonemail@email.com is: X .br X <5m,_BrZY`antNDxKN<0A X X-.B zx2c4@laptop ~ $ pass push -u --all X-.br X-Counting objects: 4, done. X-.br X-Delta compression using up to 2 threads. X-.br X-Compressing objects: 100% (3/3), done. X-.br X-Writing objects: 100% (4/4), 921 bytes, done. X-.br X-Total 4 (delta 0), reused 0 (delta 0) X-.br X-To kexec.com:pass-store X-.br X-* [new branch] master -> master X-.br X-Branch master set up to track remote branch master from origin. X- X .B zx2c4@laptop ~ $ pass insert Amazon/otheraccount@email.com X .br X Enter password for Amazon/otheraccount@email.com: som3r3a11yb1gp4ssw0rd!!88** X@@ -293,20 +229,6 @@ rm 'Amazon/amazonemail@email.com.gpg' X .br X delete mode 100644 Amazon/amazonemail@email.com.gpg X X-.B zx2c4@laptop ~ $ pass push X-.br X-Counting objects: 9, done. X-.br X-Delta compression using up to 2 threads. X-.br X-Compressing objects: 100% (5/5), done. X-.br X-Writing objects: 100% (7/7), 1.25 KiB, done. X-.br X-Total 7 (delta 0), reused 0 (delta 0) X-.br X-To kexec.com:pass-store X- X .SH FILES X X .TP X@@ -320,8 +242,6 @@ be set using the \fBinit\fP command. X .SH SEE ALSO X .BR gpg (1), X .BR pwgen (1), X-.BR git (1), X-.BR xclip (1). X X .SH AUTHOR X .B pass Xdiff --git a/src/password-store.sh b/src/password-store.sh Xindex 1553e5b..103dfd1 100755 X--- src/password-store.sh X+++ src/password-store.sh X@@ -1,4 +1,4 @@ X-#!/bin/bash X+#!/usr/local/bin/bash X X # (C) Copyright 2012 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. X # This is released under the GPLv2+. Please see COPYING for more information. X@@ -7,11 +7,9 @@ umask 077 X X PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X ID="$PREFIX/.gpg-id" X-GIT="$PREFIX/.git" X GPG_OPTS="--quiet --yes --batch" X- X-export GIT_DIR="$GIT" X-export GIT_WORK_TREE="$PREFIX" X+GETOPT=/usr/local/bin/getopt X+GPG=gpg2 X X version() { X cat <<_EOF X@@ -34,27 +32,18 @@ Usage: X Initialize new password storage and use gpg-id for encryption. X $program [ls] [subfolder] X List passwords. X- $program [show] [--clip,-c] pass-name X- Show existing password and optionally put it on the clipboard. X- If put on the clipboard, it will be cleared in 45 seconds. X+ $program [show] pass-name X+ Show existing password X $program insert [--no-echo,-n | --multiline,-m] [--force,-f] pass-name X Insert new password. Optionally, the console can be enabled to not X echo the password back. Or, optionally, it may be multiline. Prompt X before overwriting existing password unless forced. X $program edit pass-name X Insert a new password or edit an existing password using ${EDITOR:-vi}. X- $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length X+ $program generate [--no-symbols,-n] pass-name pass-length X Generate a new password of pass-length with optionally no symbols. X- Optionally put it on the clipboard and clear board after 45 seconds. X $program rm pass-name X Remove existing password. X- $program push X- If the password store is a git repository, push the latest changes. X- $program pull X- If the password store is a git repository, pull the latest changes. X- $program git git-command-args... X- If the password store is a git repository, execute a git command X- specified by git-command-args. X $program help X Show this text. X $program version X@@ -63,32 +52,10 @@ _EOF X } X isCommand() { X case "$1" in X- init|ls|list|show|insert|edit|generate|remove|rm|delete|push|pull|git|help|--help|version|--version) return 0 ;; X+ init|ls|list|show|insert|edit|generate|remove|rm|delete|help|--help|version|--version) return 0 ;; X *) return 1 ;; X esac X } X-clip() { X- # This base64 business is a disgusting hack to deal with newline inconsistancies X- # in shell. There must be a better way to deal with this, but because I'm a dolt, X- # we're going with this for now. X- X- before="$(xclip -o -selection clipboard | base64)" X- echo -n "$1" | xclip -selection clipboard X- ( X- sleep 45 X- now="$(xclip -o -selection clipboard | base64)" X- if [[ $now != $(echo -n "$1" | base64) ]]; then X- before="$now" X- fi X- # It might be nice to programatically check to see if klipper exists, X- # as well as checking for other common clipboard managers. But for now, X- # this works fine. Clipboard managers frequently write their history X- # out in plaintext, so we axe it here. X- qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory >/dev/null 2>&1 X- echo "$before" | base64 -d | xclip -selection clipboard X- ) & disown X- echo "Copied $2 to clipboard. Will clear in 45 seconds." X-} X program="$(basename "$0")" X command="$1" X if isCommand "$command"; then X@@ -132,18 +99,10 @@ fi X X case "$command" in X show|ls|list) X- clip=0 X- X- opts="$(getopt -o c -l clip -n $program -- "$@")" X err=$? X- eval set -- "$opts" X- while true; do case $1 in X- -c|--clip) clip=1; shift ;; X- --) shift; break ;; X- esac done X X if [[ $err -ne 0 ]]; then X- echo "Usage: $program $command [--clip,-c] [pass-name]" X+ echo "Usage: $program $command [pass-name]" X exit 1 X fi X X@@ -161,11 +120,7 @@ case "$command" in X echo "$path is not in the password store." X exit 1 X fi X- if [ $clip -eq 0 ]; then X- exec gpg -q -d --yes --batch "$passfile" X- else X- clip "$(gpg -q -d --yes --batch "$passfile" | head -n 1)" "$path" X- fi X+ exec $GPG -q -d --yes --batch "$passfile" X fi X ;; X insert) X@@ -173,7 +128,7 @@ case "$command" in X noecho=0 X force=0 X X- opts="$(getopt -o mnf -l multiline,no-echo,force -n $program -- "$@")" X+ opts="$($GETOPT -o mnf -l multiline,no-echo,force -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -201,7 +156,7 @@ case "$command" in X if [[ $ml -eq 1 ]]; then X echo "Enter contents of $path and press Ctrl+D when finished:" X echo X- cat | gpg -e -r "$ID" -o "$passfile" $GPG_OPTS X+ cat | $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS X elif [[ $noecho -eq 1 ]]; then X while true; do X read -p "Enter password for $path: " -s password X@@ -209,7 +164,7 @@ case "$command" in X read -p "Retype password for $path: " -s password_again X echo X if [[ $password == $password_again ]]; then X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X break X else X echo "Error: the entered passwords do not match." X@@ -217,11 +172,7 @@ case "$command" in X done X else X read -p "Enter password for $path: " -e password X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X- fi X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added given password for $path to store." X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X fi X ;; X edit) X@@ -252,35 +203,28 @@ case "$command" in X X action="Added" X if [[ -f $passfile ]]; then X- gpg -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X+ $GPG -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X action="Edited" X fi X ${EDITOR:-vi} "$tmp_file" X- while ! gpg -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X+ while ! $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X echo "GPG encryption failed. Retrying." X sleep 1 X done X- X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "$action password for $path using ${EDITOR:-vi}." X- fi X ;; X generate) X- clip=0 X symbols="-y" X X- opts="$(getopt -o nc -l no-symbols,clip -n $program -- "$@")" X+ opts="$($GETOPT -o nc -l no-symbols -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X -n|--no-symbols) symbols=""; shift ;; X- -c|--clip) clip=1; shift ;; X --) shift; break ;; X esac done X X if [[ $err -ne 0 || $# -ne 2 ]]; then X- echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] pass-name pass-length" X+ echo "Usage: $program $command [--no-symbols,-n] pass-name pass-length" X exit 1 X fi X path="$1" X@@ -292,18 +236,9 @@ case "$command" in X mkdir -p -v "$PREFIX/$(dirname "$path")" X pass="$(pwgen -s $symbols $length 1)" X passfile="$PREFIX/$path.gpg" X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added generated password for $path to store." X- fi X- X- if [ $clip -eq 0 ]; then X- echo "The generated password to $path is:" X- echo "$pass" X- else X- clip "$pass" "$path" X- fi X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X+ echo "The generated password to $path is:" X+ echo "$pass" X ;; X delete|rm|remove) X if [[ $# -ne 1 ]]; then X@@ -317,26 +252,6 @@ case "$command" in X exit 1 X fi X rm -i -v "$passfile" X- if [[ -d $GIT ]] && ! [[ -f $passfile ]]; then X- git rm -f "$passfile" X- git commit -m "Removed $path from store." X- fi X- ;; X- push|pull) X- if [[ -d $GIT ]]; then X- exec git $command "$@" X- else X- echo "Error: the password store is not a git repository." X- exit 1 X- fi X- ;; X- git) X- if [[ $1 == "init" ]] || [[ -d $GIT ]]; then X- exec git "$@" X- else X- echo "Error: the password store is not a git repository." X- exit 1 X- fi X ;; X *) X usage 9880f80c54376ea46d9cdf48fbab4e1d echo x - password-store/files/linuxism+xclip.patch sed 's/^X//' >password-store/files/linuxism+xclip.patch << '4c1359423b255faea9e36114f024930a' Xdiff --git a/README b/README Xindex 52e23af..ce7c745 100644 X--- README X+++ README X@@ -15,7 +15,6 @@ Please see the man page for documentation and examples. X Depends on: X - gpg2 X - git X-- xclip X - pwgen X - tree X - GNU getopt Xdiff --git a/contrib/pass.zsh-completion b/contrib/pass.zsh-completion Xindex 5cf8808..5e1c3ac 100644 X--- contrib/pass.zsh-completion X+++ contrib/pass.zsh-completion X@@ -45,7 +45,6 @@ _pass_cmd_ls () { X X _pass_cmd_show () { X _arguments : \ X- "-c[put it on the clipboard]" \ X '*::show:_get_stored_pwd' X #'::pass id:_files -W ~/.password-store -g "*.gpg(|.*)(-.)"' X } X@@ -65,7 +64,6 @@ _pass_cmd_insert () { X _pass_cmd_generate () { X _arguments : \ X "-n[no symbols]" \ X- "-c[put password on the clipboard]" \ X '::show:_get_stored_pwd' X } X Xdiff --git a/man/pass.1 b/man/pass.1 Xindex a124c32..7df6551 100644 X--- man/pass.1 X+++ man/pass.1 X@@ -64,12 +64,8 @@ by using the X .BR tree (1) X program. This command is alternatively named \fBlist\fP. X .TP X-\fBshow\fP [ \fI--clip\fP, \fI-c\fP ] \fIpass-name\fP X-Decrypt and print a password named \fIpass-name\fP. If \fI--clip\fP or \fI-c\fP X-is specified, do not print the password but instead copy the first line to the X-clipboard using X-.BR xclip (1) X-and then restore the clipboard after 45 seconds. X+\fBshow\fP \fIpass-name\fP X+Decrypt and print a password named \fIpass-name\fP. X .TP X \fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ]\fIpass-name\fP X Insert a new password into the password store called \fIpass-name\fP. This will X@@ -88,15 +84,11 @@ ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writ X difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to X the ordinary \fBTMPDIR\fP location, and print a warning. X .TP X-\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP X+\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] \fIpass-name pass-length\fP X Generate a new password using X .BR pwgen (1) X of length \fIpass-length\fP and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP X is specified, do not use any non-alphanumeric characters in the generated password. X-If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy X-it to the clipboard using X-.BR xclip (1) X-and then restore the clipboard after 45 seconds. X .TP X \fBrm\fP \fIpass-name\fP X Remove the password named \fIpass-name\fP from the password store. This command is X@@ -165,11 +157,6 @@ Show existing password X .br X sup3rh4x3rizmynam3 X .TP X-Copy existing password to clipboard X-.B zx2c4@laptop ~ $ pass -c Email/zx2c4.com X-.br X-Copied Email/jason@zx2c4.com to clipboard. Will clear in 45 seconds. X-.TP X Add password to store X .B zx2c4@laptop ~ $ pass insert Business/cheese-whiz-factory X .br X@@ -208,11 +195,6 @@ The generated password to Email/jasondonenfeld.com is: X .br X YqFsMkBeO6di X .TP X-Generate new password and copy it to the clipboard X-.B zx2c4@laptop ~ $ pass -c generate Email/jasondonenfeld.com 19 X-.br X-Copied Email/jasondonenfeld.com to clipboard. Will clear in 45 seconds. X-.TP X Remove password from store X .B zx2c4@laptop ~ $ pass remove Business/cheese-whiz-factory X .br X@@ -321,7 +303,6 @@ be set using the \fBinit\fP command. X .BR gpg (1), X .BR pwgen (1), X .BR git (1), X-.BR xclip (1). X X .SH AUTHOR X .B pass Xdiff --git a/src/password-store.sh b/src/password-store.sh Xindex 1553e5b..43e095e 100755 X--- src/password-store.sh X+++ src/password-store.sh X@@ -1,4 +1,4 @@ X-#!/bin/bash X+#!/usr/local/bin/bash X X # (C) Copyright 2012 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. X # This is released under the GPLv2+. Please see COPYING for more information. X@@ -7,10 +7,13 @@ umask 077 X X PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X ID="$PREFIX/.gpg-id" X-GIT="$PREFIX/.git" X+GITDIR="$PREFIX/.git" X GPG_OPTS="--quiet --yes --batch" X+GETOPT=/usr/local/bin/getopt X+GPG=gpg2 X+GIT=git X X-export GIT_DIR="$GIT" X+export GIT_DIR="$GITDIR" X export GIT_WORK_TREE="$PREFIX" X X version() { X@@ -34,18 +37,16 @@ Usage: X Initialize new password storage and use gpg-id for encryption. X $program [ls] [subfolder] X List passwords. X- $program [show] [--clip,-c] pass-name X- Show existing password and optionally put it on the clipboard. X- If put on the clipboard, it will be cleared in 45 seconds. X+ $program [show] pass-name X+ Show existing password X $program insert [--no-echo,-n | --multiline,-m] [--force,-f] pass-name X Insert new password. Optionally, the console can be enabled to not X echo the password back. Or, optionally, it may be multiline. Prompt X before overwriting existing password unless forced. X $program edit pass-name X Insert a new password or edit an existing password using ${EDITOR:-vi}. X- $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length X+ $program generate [--no-symbols,-n] pass-name pass-length X Generate a new password of pass-length with optionally no symbols. X- Optionally put it on the clipboard and clear board after 45 seconds. X $program rm pass-name X Remove existing password. X $program push X@@ -67,28 +68,6 @@ isCommand() { X *) return 1 ;; X esac X } X-clip() { X- # This base64 business is a disgusting hack to deal with newline inconsistancies X- # in shell. There must be a better way to deal with this, but because I'm a dolt, X- # we're going with this for now. X- X- before="$(xclip -o -selection clipboard | base64)" X- echo -n "$1" | xclip -selection clipboard X- ( X- sleep 45 X- now="$(xclip -o -selection clipboard | base64)" X- if [[ $now != $(echo -n "$1" | base64) ]]; then X- before="$now" X- fi X- # It might be nice to programatically check to see if klipper exists, X- # as well as checking for other common clipboard managers. But for now, X- # this works fine. Clipboard managers frequently write their history X- # out in plaintext, so we axe it here. X- qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory >/dev/null 2>&1 X- echo "$before" | base64 -d | xclip -selection clipboard X- ) & disown X- echo "Copied $2 to clipboard. Will clear in 45 seconds." X-} X program="$(basename "$0")" X command="$1" X if isCommand "$command"; then X@@ -132,18 +111,10 @@ fi X X case "$command" in X show|ls|list) X- clip=0 X- X- opts="$(getopt -o c -l clip -n $program -- "$@")" X err=$? X- eval set -- "$opts" X- while true; do case $1 in X- -c|--clip) clip=1; shift ;; X- --) shift; break ;; X- esac done X X if [[ $err -ne 0 ]]; then X- echo "Usage: $program $command [--clip,-c] [pass-name]" X+ echo "Usage: $program $command [pass-name]" X exit 1 X fi X X@@ -161,11 +132,7 @@ case "$command" in X echo "$path is not in the password store." X exit 1 X fi X- if [ $clip -eq 0 ]; then X- exec gpg -q -d --yes --batch "$passfile" X- else X- clip "$(gpg -q -d --yes --batch "$passfile" | head -n 1)" "$path" X- fi X+ exec $GPG -q -d --yes --batch "$passfile" X fi X ;; X insert) X@@ -173,7 +140,7 @@ case "$command" in X noecho=0 X force=0 X X- opts="$(getopt -o mnf -l multiline,no-echo,force -n $program -- "$@")" X+ opts="$($GETOPT -o mnf -l multiline,no-echo,force -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X@@ -201,7 +168,7 @@ case "$command" in X if [[ $ml -eq 1 ]]; then X echo "Enter contents of $path and press Ctrl+D when finished:" X echo X- cat | gpg -e -r "$ID" -o "$passfile" $GPG_OPTS X+ cat | $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS X elif [[ $noecho -eq 1 ]]; then X while true; do X read -p "Enter password for $path: " -s password X@@ -209,7 +176,7 @@ case "$command" in X read -p "Retype password for $path: " -s password_again X echo X if [[ $password == $password_again ]]; then X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X break X else X echo "Error: the entered passwords do not match." X@@ -217,11 +184,11 @@ case "$command" in X done X else X read -p "Enter password for $path: " -e password X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$password" X fi X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added given password for $path to store." X+ if [[ -d $GITDIR ]]; then X+ $GIT add "$passfile" X+ $GIT commit -m "Added given password for $path to store." X fi X ;; X edit) X@@ -252,35 +219,33 @@ case "$command" in X X action="Added" X if [[ -f $passfile ]]; then X- gpg -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X+ $GPG -d -o "$tmp_file" $GPG_OPTS "$passfile" || exit 1 X action="Edited" X fi X ${EDITOR:-vi} "$tmp_file" X- while ! gpg -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X+ while ! $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS "$tmp_file"; do X echo "GPG encryption failed. Retrying." X sleep 1 X done X X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "$action password for $path using ${EDITOR:-vi}." X+ if [[ -d $GITDIR ]]; then X+ $GIT add "$passfile" X+ $GIT commit -m "$action password for $path using ${EDITOR:-vi}." X fi X ;; X generate) X- clip=0 X symbols="-y" X X- opts="$(getopt -o nc -l no-symbols,clip -n $program -- "$@")" X+ opts="$($GETOPT -o nc -l no-symbols -n $program -- "$@")" X err=$? X eval set -- "$opts" X while true; do case $1 in X -n|--no-symbols) symbols=""; shift ;; X- -c|--clip) clip=1; shift ;; X --) shift; break ;; X esac done X X if [[ $err -ne 0 || $# -ne 2 ]]; then X- echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] pass-name pass-length" X+ echo "Usage: $program $command [--no-symbols,-n] pass-name pass-length" X exit 1 X fi X path="$1" X@@ -292,18 +257,13 @@ case "$command" in X mkdir -p -v "$PREFIX/$(dirname "$path")" X pass="$(pwgen -s $symbols $length 1)" X passfile="$PREFIX/$path.gpg" X- gpg -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X- if [[ -d $GIT ]]; then X- git add "$passfile" X- git commit -m "Added generated password for $path to store." X- fi X- X- if [ $clip -eq 0 ]; then X- echo "The generated password to $path is:" X- echo "$pass" X- else X- clip "$pass" "$path" X+ $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" X+ if [[ -d $GITDIR ]]; then X+ $GIT add "$passfile" X+ $GIT commit -m "Added generated password for $path to store." X fi X+ echo "The generated password to $path is:" X+ echo "$pass" X ;; X delete|rm|remove) X if [[ $# -ne 1 ]]; then X@@ -317,22 +277,45 @@ case "$command" in X exit 1 X fi X rm -i -v "$passfile" X- if [[ -d $GIT ]] && ! [[ -f $passfile ]]; then X- git rm -f "$passfile" X- git commit -m "Removed $path from store." X+ if [[ -d $GITDIR ]] && ! [[ -f $passfile ]]; then X+ $GIT rm -f "$passfile" X+ $GIT commit -m "Removed $path from store." X fi X ;; X push|pull) X- if [[ -d $GIT ]]; then X- exec git $command "$@" X+ if [[ -d $GITDIR ]]; then X+ exec $GIT $command "$@" X else X echo "Error: the password store is not a git repository." X exit 1 X fi X ;; X git) X- if [[ $1 == "init" ]] || [[ -d $GIT ]]; then X- exec git "$@" X+ if [[ $1 == "init" ]]; then X+ username=$2 X+ useremail=$3 X+ X+ $GIT init X+ X+ if [ -z "$username" ]; then X+ current=$($GIT config user.name) X+ prompt="Set your git user.name: " X+ read -e -i "$current" -p "$prompt" username X+ username="${username:-$username}" X+ fi X+ if [ -z "$useremail" ]; then X+ current=$($GIT config user.email) X+ prompt="Set your git user.email: " X+ read -e -i "$current" -p "$prompt" useremail X+ useremail="${useremail:-$useremail}" X+ fi X+ $GIT config user.name "$username" X+ $GIT config user.email "$useremail" X+ echo .gpg-id > $PREFIX/.gitignore X+ $GIT add . X+ $GIT commit -m "Adding existing passwords to the store." X+ elif [[ -d $GITDIR ]]; then X+ exec $GIT "$@" X else X echo "Error: the password store is not a git repository." X exit 1 4c1359423b255faea9e36114f024930a echo x - password-store/pkg-descr sed 's/^X//' >password-store/pkg-descr << '75be9358dd745e19791d6fcc6e713fb9' XPassword management should be simple and follow Unix philosophy. With pass, each Xpassword lives inside of a gpg encrypted file whose filename is the title of the Xwebsite or resource that requires the password. These encrypted iles may be Xorganized into meaningful folder hierarchies, copied from computer to computer, Xand, in general, manipulated using standard command line file management Xutilities. X Xpass makes managing these individual password files extremely easy. All Xpasswords live in ~/.password-store, and pass provides some nice commands for Xadding, editing, generating, and retrieving passwords. It is a very short an Xsimple shell script. It's capable of temporarily putting passwords on your Xclipboard and tracking password changes using git. X XYou can edit the password store using ordinary unix shell commands alongside the Xpass command. There are no funky file formats or new paradigms to learn. There Xis bash completion so that you can simply hit tab to fill in names. X XWWW: http://zx2c4.com/projects/password-store/ 75be9358dd745e19791d6fcc6e713fb9 exit --- .shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209161559.q8GFxA7E080665>